SANTA FE, N.M., Dec. 11, 2017 /PRNewswire/ -- The Shared Assessments Program has released its General Data Protection Regulation (GDPR): Data Processor Privacy Tool Kit, another actionable resource in its "Building Best Practices" series.
Organizations struggling with the challenges of meeting the European Union's (EU) General Data Protection Regulation (GDPR) 2016/679 Article 28 "Processor" directives should utilize this Tool Kit. Data processors (service provides) can also use the Tool Kit proactively to prepare for requests from data controllers (outsourcers), as well as to guide their own information requests to sub-processors.
With the May 25, 2018 deadline for GDPR compliance, stringent new requirements will be imposed on how controllers may appoint and monitor processors. GDPR changes to privacy rules over processors include:
- Compliance liability for data protection will now extend to data processors.
- Prescriptions for certain matters must be stipulated in contracts or other legal engagements.
- Both controller and processor third party vendor management programs may require additional due diligence to meet the new requirements.
This GDPR Privacy Tool Kit was designed by the Shared Assessments Program's Privacy Committee – a leading group of cross-industry third party risk management privacy professionals – as a flexible set of tools and templates that any organization can incorporate into their third party risk management structures and processes.
The Tool Kit:
- Provides preliminary guidance for both controllers and processors to effectively evaluate and manage third party data processor risk under the GDPR.
- Contains tools, contract provision and examination artifact checklists and templates that can be utilized to evaluate the readiness and maturity of the existing controls against a broad range of GDPR privacy-relevant requirements.
- Components can be leveraged by organizations as a standalone privacy assessment of the third party relationship, or be incorporated into the organizations' entire Vendor Risk Management program.
The Shared Assessments' GDPR: Data Processor Privacy Tool Kit is available for free download here.
About the Shared Assessments Program
As the trusted leader in third party risk management, the member-driven Shared Assessments Program has been setting the standard in third party risk assessments since 2005. Shared Assessments Program members work together to build and disseminate best practices resources that give all risk management stakeholders a faster, more rigorous and efficient means of conducting security, privacy and business resiliency control assessments. For more information, please visit http://www.sharedassessments.org.
Jenny Burke, Senior Vice President of Communications & Marketing
SOURCE The Santa Fe Group, Shared Assessments Program